I’m not finding any information online other than that it’s difficult
You must log in or register to comment.
Anti cheat software tries to find cheats running on the computer, and in order to that, so called kernel-level anticheat hooks into NT (Windows kernel) internals, and runs at the highest possible privilege level. It has to do that so it can monitor everything going on in the system. If it didn’t do that, the cheat could just hide from the anticheat software by running with superior privileges.
Wine does not implement undocumented/internal parts of NT, and neither does it run at an elevated privilege level. It also cannot realistically implement any and all possible NT kernel internals, and it cannot possibly hide the fact that it’s actually wine, and not real Windows, from any program that really wants to figure this out.
If wine tried to implement a specific workaround for a specific anti-cheat software/version, in order to it trick into thinking it’s running on a real Windows system with elevated privileges, the anti-cheat vendor would likely interpret this as a kind of deception, and they could easily update their software to detect this situation.
Theoretically, anti-cheat vendors could do kernel-level anticheat for the Linux kernel specifically if the game runs on Linux, but this has problems: First of all a general backlash and complete lack of cooperation from the Linux community (btw, Microsoft isn’t too happy about them doing this on Windows either, and they might at some point do something about this, since it’s bad for security and stability). Also, Linux kernel internals aren’t at all stable, and so just practically you cannot hook into the Linux kernel nearly as easily as you can into NT.
Some anti-cheat vendors do support Linux though, but only optionally if the game dev allows that. In practice, this just means many checks will just be disabled on Linux, which is presumably why many games do not enable the Linux support.
tl;dr: No. Only the anti-cheat vendor / game dev can realistically fix the situation, and they may not want to because it’ll be worse at actually detecting cheats on Linux in practice.
it already runs anticheat whenever game developers allow it to.
No, forget anticheat games. It’s not possible to create a “fake” rootkit. If it was possible, they would have done it for Windows too, and it would defeat the purpose of anti-cheat. So, just don’t run these games. They don’t worth your security.
I mean I wouldn’t mind defeating the purpose of anticheat. Let’s all defeat the purpose of anticheat.
Lightning flashes, sparks shower, in one blink of your eyes you’ve mis-seen.
Yes, we are waiting for the CrowdStrike aha moment where the industry learns the hard way that anticheat with root privileges was a dangerous idea not worth the risks.
User space level anticheat yes,kernel anticheat no and I actually happy about ,kernel level anticheat behaving literally like malware/rootkit
Kernel level anticheat that thinks it’s kernel level and runs in userspace is the best of both worlds though, is it not?
if that was possible, it would be relatively easy to defeat them on windows too
No, because then you can just run software cheats at kernel level which would be completely undetectable to userspace anti cheat
So? I just want the games to run, I don’t care about that side of it at all, that side of it is essentially pointless to me. There were always workarounds anyway, what does it matter?
At that point you might as well not have a kernel level anti cheat and companies who insist on kernel level anti cheat will block wine. The only solutions I see are
- Developers mainly use server side anti cheat
- They make native Linux games
- Distros provide a way to ensure a untainted (signed) kernel
That would ba a massive win in my book, kernel level anticheat is malware.
make it so that they can’t block wine without blocking windows and kernel level anticheat is gone
You cannot realistically make it impossible to detect that you’re running on wine. Wine just implements the Windows ABIs. The actual code running is totally different. Even just reading any of the binary code of literally any function would reveal it’s different from the Windows code. How are you going to stop it from doing memory reads on stuff that it needs to be able to read? You can’t. You’d need a full hardware emulator for that.
Developers who use kernel anti-cheat don’t support Linux because userspace anti-cheat is largely pointless. It doesn’t matter if you personally don’t care, the companies that want anti-cheat do care.
The workaround for kernel anti-cheat requires hundreds of USD in hardware. The workaround for userspace anti-cheat is entirely software.
Because of this, you will have less cheaters if cheating has a $500 price tag. That’s why kernel anti-cheat is effective, there’s no way for that to be solved with a WINE patch.
I simply do not believe that it costs that much to cheat with kernel level anticheat.
kernel level anticheat is pointless malware in my book, let it burn
It requires either a Direct Memory Access card and supporting software or a video capture card and enough processing power to run fast image classification for AI aim bots.
Anything running directly on the PC can be detected by the kernel anti-cheat.
You can look online for the hardware and prices
What about a VM?
That’s why kernel anti-cheat is effective
Is it actually effective tho?
It doesn’t stop cheating, it just makes cheating require spending a few hundred dollars and dealing with complex hardware setups. This means that relatively few people try.
Non-kernel anti-cheat can be bypassed by software. So it’s cheap and easily available.
That’s the only difference. Kernel anti-cheat doesn’t prevent cheating, it just makes it more expensive.
Can’t you just use a virtual machine?
Anticheat detects if you’re running normal Windows or something else.
If you’re using something else, they won’t let you play the game.
Wine is something else.
Only anticheat that doesn’t nest itself very deep into the windows kernel.
That is something I’m aware of but not what I’m looking for, I’m looking for news about workarounds, preferably new news, if there is any
Most could, but most are also designed not to because adding a virtualization type of layer allows for ways to circumvent it. Anticheat needs to trust the environment it is running in so it can rely on the information. Wine is designed to replicate things it trusts in Windows, but not actually necessarily replicate the way the kernel actually does those things, so the things they are relying on might not mean the same thing as the do in Windows. So they’d need to analyze and possibly implement things a bit differently. This takes time and money and for companies like this, the customer isn’t the user, so they have little reason to cater to users needs. Pro gaming and a few online game companies are their primary customers and they generally don’t want to support Linux anyway.
https://areweanticheatyet.com/no-js
Proton anti-cheat works with punk buster and what ever garbage gta5 is using now.
GTAV? I thought there would be more fanfare considering how much coverage the removal of Linux support got
I wonder if immutable systems could negate the need for kernel anti cheat. If the game can ensure the current kernel and image is one from a list of acceptable ones, it doesn’t need to kernel anti cheat. They could do this by comparing the checksum or something.
That’s essentially a console and not a ‘pc’
Did you know that most big anti cheat systems actually do run in Wine when allowed to by the developer?
Yeah but that doesn’t count tbh, if the dev has to give the okay we lose a ton of games, and that isn’t what I’m looking for, the dev shouldn’t be able to know it isn’t running on windows
You can’t lose what you never had, though. ;-)
Then the answer is definitely not - at the very least Wine would need to simulate a very large part of the NT kernel.
I hope not. I hope it never does. Windows users are weird enough not giving a shit about installing rootkits on their computer. We don’t want this in Linux. What computer is worth compromising just for some game to determine whether or not you’re cheating at it?
I don’t want it to properly function, I want it to run in userspace.
Just buy a minipc and use it solely for gaming on Windows if you really need to game.
Based on his other comments, he’s hoping to use Wine to cheat
No, I have no interest in cheating
No idea why you’ve been down voted. If someone simply must play kernel level anti-cheat games, the best way to do it is on Windows. Developers have made it very clear they do not trust Wine/Proton/Linux and that are market share is simply too small to care.
